Security Policy Framework Development for ALPHA CARE SERVICES.

Umayma Essa


Technical Writer

Healthcare IT Support

Governance risk and compliance

Adobe XD

Google Drive

Microsoft Office 365

Project Overview: In this project, I was brought in by ALPHA CARE SERVICES LLC, a leading provider of adult rehabilitative mental health services (ARMHS) based in Minneapolis, MN, to overhaul their information security policies and procedures and develop a comprehensive security policy framework tailored to their specific needs and regulatory requirements. Drawing on industry best practices and frameworks such as ISO 27001, NIST (National Institute of Standards and Technology), and HIPAA (Health Insurance Portability and Accountability Act), the goal was to establish a robust foundation for protecting sensitive patient data and ensuring compliance with regulatory standards.
My key responsibilities included:
Conducting Assessments: I thoroughly analyzed existing documentation and controls and benchmarked them against industry standards like ISO 27001, NIST Cybersecurity Framework, and HIPAA to reveal policy gaps.
Optimizing Information Security Management: Leveraging ISO 27001, I instituted an Information Security Management System (ISMS) defining processes and controls to address risks to confidentiality, integrity, and availability of mental health data.
Improving Cybersecurity Preparedness: Incorporating NIST guidelines, I established protocols for identifying, protecting against, detecting, responding to, and recovering from cybersecurity incidents through enhanced threat monitoring and response workflows.
Strengthening Healthcare Data Protections: Integrating specifics of the HIPAA Security Rule, I bolstered safeguards for electronic protected health information (ePHI), including workforce training, access controls, encryption, and auditing.
My deliverables to ALPHA CARE SERVICES LLC aimed to balance implementation of standardized security frameworks with accommodating nuances of their unique healthcare environments. This encompassed an overhauled Security Policy Manual as well as a Risk Management Plan and HIPAA documentation. With these enhanced policies and procedures in place, ALPHA CARE is better equipped to secure patient information, address threats, and maintain regulatory compliance.
Benefits:
Enhanced Security Posture: Aligning with ISO 27001 and NIST standards established a robust, risk-based security framework with protections against cyber threats.
Regulatory Compliance: Integrating HIPAA requirements reduced the risk of non-compliance penalties and ensured adherence to healthcare data protections.
Improved Risk Management: A formalized risk framework enabled data-driven decisions for resource allocation based on identified threats.

Posted Feb 14, 2024

I developed and implemented an overhaul of information security policies and procedures for a mental health services provider.


Umayma Essa

Cybersecurity & GRC Technical Writer 📝
